1. Field of the Invention
The present invention relates in general to security technology and, more specifically, to a device and a method of maintaining a secret code within an integrated circuit (IC) package. The secret code is fragmented into several smaller pieces. These pieces are maintained in different storage media, which prevents anyone from acquiring complete information about the secret code.
2. Description of the Related Art
In modern cryptosystems, data that require high security are encrypted by specific encryption algorithms and corresponding keys, and the encrypted data are deciphered by corresponding decryption algorithms and keys. Security theory assumes that encryption/decryption algorithms are open to the public but decryption keys are kept by users. In other words, a good cryptosystem must guarantee that no one can accurately decipher the encrypted data within a reasonable period, even if the details of the encryption/decryption algorithms and other useful information, such as some plaintext-ciphertext pairs, are well known.
FIG. 1 (Prior Art) illustrates a schematic diagram of a conventional asymmetric cryptosystem, also called a public-key cryptosystem, that uses different keys for encryption and decryption. The most popular public-key cryptosystem is RSA, which stands for Rivest, Shamir, Adleman, the inventors of the RSA system. As shown in FIG. 1, the illustrated communication session includes communication station A and communication station B. Communication stations A and B contain encryption/decryption software packages 1a and 1b, respectively. In addition, a pair of public/private keys is dedicated to each of the communication stations. The public key and the private key of communication station A are called PCKA and PRKA, respectively. The public key and the private key of communication station B are called PCKB and PRKB, respectively. Note that public keys are used for encryption and are known by the public; private keys are confidential and are used for decryption.
When communication station A attempts to transmit a document to communication station B, software package 1a first encrypts this document by using public key PCKB of communication station B, and transmits the encrypted document to communication station B. After receiving the encrypted document, communication station B activates software package 1b to decipher the encrypted document by using its private key PRKB, thereby acquiring the original document. Conversely, when communication station B attempts to transmit a document to communication station A, software package 1b encrypts this document by using public key PCKA of communication station A, and transmits the encrypted document to communication station A. After receiving the encrypted document, communication station A can activate software package 1a to decrypt the encrypted document by using its private key PRKA, thereby acquiring the original document. Note that the algorithms used in software packages 1a and 1b and public keys PCKA and PCKB are open resources and known by the public. Accordingly, a cryptosystem must guarantee that it is almost impossible to draw the hidden information out of an encrypted document by means of these open resources. In other words, if the corresponding private key is safe, the security level of such a cryptosystem can be maintained.
According to the above description, poor maintenance of the private key (or of the decryption keys in other systems) can be a weakness in security systems. A safe but inefficient approach to maintaining the private key is to memorize it. Users can retype the memorized private key when decrypting encrypted data. However, it has become almost impossible to memorize these private keys correctly since they are getting longer and longer in modern cryptosystems. Accordingly, some visible forms, such as files or printed matter, are required to maintain these kinds of secret information. The intrinsic features of these storage forms, such as portability and reproducibility, therefore open a way for information to leak.
In addition to being recorded in files or printed matter, key information can also be held in a hardware module, which can in turn be mounted in a computer or data-processing machine. FIG. 2 (Prior Art) illustrates an example of such a hardware module containing the key information. As shown in FIG. 2, hardware module 3, which includes key generator 3a and non-volatile memory 3b, provides a decryption key for cipher 4 to decipher ciphertext 5b into plaintext 5a. Key generator 3a is used to generate a pair of public/private keys, where the public key is released to the public and the private key is sent to non-volatile memory 3b. Non-volatile memory 3b keeps the private key secret, either permanently or for a considerable period. Placing key generator 3a within hardware module 3 keeps the private key secret during private key transmission. Furthermore, cipher 4 can be merged into hardware module 3 to increase the security level of the private key.
However, it is still possible to steal the private key from hardware module 3 even if key generator 3a and cipher 4 are completely merged into hardware module 3 and the private key is not revealed during any processing step. The hardware module is usually sealed in an IC package. For example, an intruder can mount a brute attack on the IC package, that is, open the sealed IC package, thereby accessing the non-volatile memory component and thus ferreting out the private key. Strictly speaking, such a situation is not regarded as a security hole in security systems. However, it is also true that the protection of such systems is fragile against this attack.
Therefore, the objective of the present invention is to provide a method and a system that maintain a secret code within an integrated circuit package. Such a package can withstand an outside brute attack and can keep the necessary key information safely secret.
The present invention achieves the above objective by providing a device for maintaining a secret code, which is enclosed in an integrated circuit package and is connected to an external power supply located outside the integrated circuit device. The device holding the secret code comprises a non-volatile memory for holding the first part of the secret code, a volatile memory that is powered by the external power supply and used for dynamically holding the second part of the secret code, and a coding component that is coupled to the non-volatile memory and the volatile memory and used for transforming a first text fed into the integrated circuit package into a second text by using both the first and the second part of the secret code. For example, the non-volatile memory can be a flash memory; the volatile memory can be a register powered by the external power supply. Since the second part of the secret code is stored in the volatile memory and powered by the external power supply, it disappears when the external power supply is disconnected. Accordingly, the complete secret code cannot be acquired by a brute attack.
In addition, the device for maintaining the secret code can comprise a secret code generator, a non-volatile memory, a code processor and a volatile memory. The non-volatile memory and the volatile memory have the same characteristics as those in the preceding case. The secret code generator is used for producing the first part of the secret code; the code processor is used for generating the second part of the secret code according to external visa data received from outside the integrated circuit package. Moreover, the device holding the secret code can further comprise a coding component for encoding and decoding one document into another document by using both the first and the second part of the secret code. The secret code generator can be a random number generator. The code processor can be remotely connected to an authority unit. In this case, the code processor comprises a first storage component for storing request data ready to be sent to the authority unit, a second storage component for storing the external visa data received from the authority unit, and a calculator for computing a first mathematical function of the request data and the external visa data to reproduce the second part of the secret code. Meanwhile, the authority unit comprises a third storage component for storing the request data received from the code processor, a fourth storage component for storing the second part of the secret code, and a calculator for computing a second mathematical function of the request data and the second part of the secret code to generate the external visa data. It is noted that the first mathematical function is the inverse of the second mathematical function.
In addition, the method for establishing a secret code in an integrated circuit package comprises the following steps. The first step is to produce a first part of the secret code within the integrated circuit package. Then the first part of the secret code is stored in the non-volatile memory located within the integrated circuit package. The next step is to generate a second part of the secret code according to external visa data supplied from outside the integrated circuit package, namely, by the authority unit. Then the second part of the secret code is stored in a volatile memory that is located within the integrated circuit package and powered by an external power supply. Finally, the secret code including the first part and the second part of the secret code can be used as the complete secret code in the practical encoding/decoding scheme. The external visa data are acquired by the following steps. First, request data are sent from the integrated circuit package to the authority unit. The authority unit computes a first mathematical function of the request data and the second part of the secret code to generate the external visa data. Then the resulting external visa data are sent from the authority unit to the integrated circuit package. Finally, a second mathematical function that is the inverse of the first mathematical function is applied to the external visa data together with the request data, whereby the second part of the secret code is acquired.
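The device and the method described in the two preceding paragraphs can be modelled in a few lines; the following is an added example, not part of the original disclosure. The class names, the 16-byte part size, the XOR-with-SHA-256 pad used as the invertible function pair, and the keystream used as the coding component are all assumptions chosen for illustration, since the text does not specify them.

```python
import hashlib
import secrets

def pad_from_request(request: bytes, n: int) -> bytes:
    # Assumed pad: SHA-256 of the request data, truncated to n bytes (n <= 32).
    return hashlib.sha256(request).digest()[:n]

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class AuthorityUnit:
    """Stores the second part of the secret code and issues visa data."""
    def __init__(self, part2: bytes):
        self._part2 = part2

    def issue_visa(self, request: bytes) -> bytes:
        # Authority-side function: visa = part2 XOR pad(request).
        return xor_bytes(self._part2, pad_from_request(request, len(self._part2)))

class ICPackage:
    """Models the two memories and the coding component inside the package."""
    def __init__(self):
        self.nonvolatile = secrets.token_bytes(16)  # first part, from the on-chip RNG
        self.volatile = None                        # second part, held only while powered

    def power_on(self, authority: AuthorityUnit) -> None:
        request = secrets.token_bytes(16)           # fresh request data each session
        visa = authority.issue_visa(request)
        # Package-side inverse function: part2 = visa XOR pad(request).
        self.volatile = xor_bytes(visa, pad_from_request(request, len(visa)))

    def power_off(self) -> None:
        self.volatile = None                        # register content is lost with the supply

    def transform(self, text: bytes) -> bytes:
        # Stand-in coding component: XOR with a SHA-256 counter keystream keyed by both parts.
        if self.volatile is None:
            raise RuntimeError("second part of the secret code is not loaded")
        key, stream, counter = self.nonvolatile + self.volatile, b"", 0
        while len(stream) < len(text):
            stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
            counter += 1
        return xor_bytes(text, stream)

if __name__ == "__main__":
    authority = AuthorityUnit(secrets.token_bytes(16))  # constructed sample secret
    chip = ICPackage()
    chip.power_on(authority)
    ciphertext = chip.transform(b"constructed sample document")
    assert chip.transform(ciphertext) == b"constructed sample document"
    chip.power_off()  # an opened, unpowered package now exposes only chip.nonvolatile
```

The pad assumed here is keyless, so anyone who observes both the request data and the visa data can apply the same inverse; the sketch models the split between the two memories and says nothing about protecting the link to the authority unit.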